Paving Stones of Good Intentions
October 9, 2011
Even Orwell didn’t foresee this, not specifically. From Kindergarten through college, students are now subjected to more forms of monitoring than I could have conceived of when I was a little rabble rouser. From cameras to RFID badges, it’s an entirely different world.
Now Michael Morris, a lieutenant with the University Police at California State University-Channel Islands, is calling on universities to take surveillance to a whole new level. NetworkWorld reports on this in “Privacy Nightmare: Data Mine & Analyze all College Students’ Online Activities.” That’s right, the good lieutenant recommends recording every little thing college students do online and analyzing the data to predict and prevent “large-scale acts of violence on campus.” What’s more, it would be easy enough to do with today’s data management tools. Wrote Morris,
Many campuses across the country . . . provide each student with an e-mail address, personal access to the university’s network, free use of campus computers, and wired and wireless Internet access for their Web-connected devices. Students use these campus resources for conducting research, communicating with others, and for other personal activities on the Internet, including social networking. University officials could potentially mine data from their students and analyze them, since the data are already under their control. The analysis could then be screened to predict behavior to identify when a student’s online activities tend to indicate a threat to the campus.
Take a moment to reflect on the side effects of such a large-scale invasion of privacy. What other behavior, unrelated to potential violence, will be “predicted?” And how will those predictions be acted upon? The possibilities are endless.
Look, I get it. I once attended Virginia Tech, after all, and now I have a child in college myself. Not much scares me more than visions of some nut-job with guns descending on that campus. But I also realize that throughout history, fear has been the key to gaining citizen acceptance of the unacceptable. And now we have technology that allows the unacceptable to reach heights like never before.
Cynthia Murrell, October 9, 2011
IBM OmniFind Security Issue
September 29, 2011
Avoid the security vulnerability by removing seven imcd*.flt files from the /lib or /bin directories of the OmniFind Enterprise Edition installation root directory. Removing these files should prevent the security vulnerability without loss of function because OmniFind Enterprise Edition does not use the CorelDraw functions.
Jasmine Ashton, September 29, 2011
Sponsored by Pandia.com
Protected: Setting Up Custom Access Controls in SharePoint Search
September 29, 2011
Social Media: Is There a Scare Factor?
September 17, 2011
From the “Do You Need to Be Reminded” Desk: Social media mining is a growing field, one that deals with parsing meaning out of the big data generated by social networks. Valuable to advertisers, but potentially also to employers, law enforcement, and even criminals, this data can generate relevant information about individuals and groups. But how do we know if it’s accurate? Eric Naone explores in, “When Social Media Mining Gets it Wrong.”
…In Las Vegas, at the computer security conference Black Hat, Alessandro Acquisti, an associate professor of information technology and public policy at the Heinz College at Carnegie Mellon University, showed how a photograph of a person can be used to find his or her date of birth, social security number, and other information by using facial recognition technology to match the image to a profile on Facebook and other websites. Acquisti acknowledges the privacy implications of this work, but he warns that the biggest problem could be the inaccuracy of this and other data-mining techniques.
If the privacy aspect of social media mining doesn’t scare you, the inaccuracy of the technology should. Correlations made from individuals’ social “likes” and comments are weak at best. If companies try to implement usage of big data gleaned from social media, it will no doubt push the issue into political debate in order to prevent misuse and breaches of privacy. Now what about social search? Worth considering?
Emily Rae Aldridge, September 17, 2011
Sponsored by Pandia.com, publishers of The New Landscape of Enterprise Search
Google Two-Step Authentication Spreads Across the Globe
September 16, 2011
At last, “Google Rolls Out Safer Two-Step Authentication in 150 Countries,” reports Softpedia. Google debuted the more rigorous verification earlier this year, but only in its English language incarnation. Now, another 40 languages and 150 localized Web sites are on board.
Writer Lucian Parfeni explains the revised method:
With two-step verification, or authentication, users have to provide a unique code along with their account credentials. This code is only available via their phones, ensuring that unauthorized persons, with no access to the phone, can’t get in even if their credentials have been compromised, or at least making it significantly harder.
This is good news. The new process is slightly more annoying, but the increased security is worth the small hassle. Well, to me, anyway. Then again, I’m not one to use “password” as my password, either.
Some might say, “Good move, Google.”
Cynthia Murrell, September 16, 2011
SQL Injection: Knowledge Prevents Problems
September 14, 2011
Our modern lives are controlled by databases: health records, financial records, education records, and online search. Even when you are not personally interfacing with a database, there is usually one behind the scenes controlling your enrollment, appointment time, or access to any given record. SQL is the language used to create and query such databases, and applications that pass user input into SQL queries can be attacked through a technique called SQL injection.
SQL injection exploits a security vulnerability in the database layer of an application, such as the way it builds queries. It’s considered one of the top 10 web application security vulnerabilities. Our culture of free access to information can be used for good or for evil. One example is this SQL Injection Pocket Reference.
Freely available on the Web, this pocket guide explains the ins and outs of SQL injection. The author could argue that this guide helps creators build more secure databases by recognizing mistakes in the framework or areas of weakness. However, a stronger argument could be made that such a reference is more of a “hacking for dummies” guidebook than anything else. Anyone who’s ever suffered an email or bank account hack would like to see such information be a little harder to find.
We are not fans of hacker-related information or the hacker ethos. Still, information can prevent missteps. We suggest you consider learning about SQL injection and then double-checking that you are not vulnerable.
Emily Rae Aldridge, September 14, 2011
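The kind of double check the post above recommends, as an added example that is not part of the original post: the same lookup written with string concatenation and with a bound parameter, plus a small regression check that tells the two apart. The `accounts` table, its rows, and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory table of three accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)"
    )
    conn.executemany(
        "INSERT INTO accounts (owner, balance) VALUES (?, ?)",
        [("alice", 120), ("bob", 75), ("carol", 310)],
    )
    return conn

def lookup_concat(conn, owner):
    """Vulnerable pattern: user input is pasted into the SQL text."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()

def lookup_param(conn, owner):
    """Hardened pattern: input is bound as a parameter, never parsed as SQL."""
    return conn.execute(
        "SELECT owner, balance FROM accounts WHERE owner = ?", (owner,)
    ).fetchall()

# Probe inputs for a regression test; no account owner has these literal names.
PROBES = ["nobody' OR '1'='1", "nobody'"]

def is_injectable(lookup, conn):
    """Return True if a probe changes the query's meaning or breaks its syntax."""
    for probe in PROBES:
        try:
            if lookup(conn, probe):
                return True   # rows came back: the input was executed as SQL
        except sqlite3.Error:
            return True       # syntax error: the stray quote reached the parser
    return False

if __name__ == "__main__":
    conn = make_db()
    print("concatenated query injectable:", is_injectable(lookup_concat, conn))
    print("parameterized query injectable:", is_injectable(lookup_param, conn))
```

Both functions return the same row for an ordinary name such as `alice`; only the probe inputs separate them, which is why a check like this belongs in an application's test suite.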
Social Media: Making the Personal Impersonal
August 25, 2011
Search engines are now using social media data to rank query results. As crazy as it sounds, your Tweets could now alter the way Google gives you information on such benign things as “George Washington” or “grilled cheese sandwiches.” eSchool News takes a look at how “New Web-Search Formulas Have Huge Implications for Students and Society.”
Search results now differ from person to person based on algorithms that have been altered to include social media data. Knowing that most people don’t go past the second page of results, search engines have tailored their ranking systems to consider links you have clicked on and to create a filter system based on those previous links. This isn’t something groundbreaking, since Amazon and Netflix have been using it for years to recommend books and movies, but it is new to the major search engines.
At the 2011 Technology, Entertainment, and Design talk, Eli Pariser, the author of The Filter Bubble, shared his reservations with the “invisible algorithmic editing of the web.” He believes it only shows us what it thinks we want and not what we need to see.
[I]t was believed that the web would widen our connections with the world and expose us to new perspectives, Pariser said: Instead of being limited to the newspapers, books, and other writings available in our local communities, we would have access to information from all over the globe. But thanks to these new search-engine formulas, he said, the internet instead is coming to represent ‘a passing of the torch from human gatekeepers [of information] to algorithmic ones.’ Yet, algorithms don’t have the kind of embedded ethics that human editors have, he noted. If algorithms are going to curate the world for us, then ‘we need to make sure they’re not just keyed to [personal] relevance—they also should show us things that are important, or challenging, or uncomfortable.’
It seems that search engines may be focusing on personal factors, but are not personalizing the process. The user has no control over results. That customization is left to a rigid algorithm. If a restaurant says that they make burgers “made-to-order,” then I expect to be able to pick mustard and onions on one visit, and pick cheese and ketchup on the next visit. The server should not just look at my past orders and make an educated guess. There is nothing “personal” about that.
Could this lead some well-meaning people down an unintended and risky path to censorship-by-computer? Users must gain more control over these search formulas. There are certainly times when social media parameters are acceptable, but sometimes you want and need to see the other side. It depends on whether you are settling an argument between your friends over song lyrics or writing a thesis on communism. Until users are offered more liberal control, I think this “personal” ranking system will actually suppress and limit a lot of important information that users are seeking. The social impact on a search comes at a pretty high price.
Jennifer Wensink, August 25, 2011
More Open Source Woes: Malware Problem Grows
August 25, 2011
The Register article “Attack on Open-Source Web App Keeps Growing” reports on an alarming attack on the open-source online shopping application osCommerce. The attack injects malware into the computers of users of the shopping app.
Being open-source, osCommerce is understandably a very popular product for any online vendor. Their own website boasts that over 250,000 shop owners, developers and entrepreneurs utilize their product. With that being the case, Armorize’s bleak report on the number infected with the malware is no surprise. At the time of publication of the article, experts estimated over 8.3 million pages were infected.
The attack is best explained by the article:
Armorize said attackers are exploiting three separate vulnerabilities in the open source store-management application, including one that was discovered last month. Harold Ponce de Leon, the lead developer of osCommerce, said there’s only one vulnerability that’s being exploited, but he admitted that no one on his team has spoken to anyone at Armorize to reconcile the difference of opinion.
This exploitation of open-source software is bad news not only for the open-source community but also for the search industry. The rate at which pages are becoming infected signifies how quickly one unprotected piece of software can infect an entire community.
There is a patch for the problem but unfortunately, as evidenced by the number of infected, it is not being applied. Anytime an update is available, it is imperative that users download it immediately. If you are using open source, you may have to worry about more than legal hassles. Will this affect Lucene and other open source search solutions? Stay tuned.
Catherine Lamsfuss, August 25, 2011
Google Enterprise Elevates Its Game with Security Certification
August 16, 2011
Google recently announced that both its Google Apps suite and its Google App Engine have received SSAE-16 security certification. The certification could open a lot of new doors for Google in the world of enterprise. ZDNet provides coverage in “Google App Engine Now Officially Secure.”
The certification process covers everything from physical security at the data center to making sure that only pre-cleared staff have access to customer data, to evaluating Google’s redundancy and incident reporting . . . And the bottom line to all this is that several enterprises require their cloud providers to be compliant with these standards – formerly SAS 70, and now SSAE-16. And this means that Google App Engine is open to a whole new customer base, with confidences bolstered by an authoritative second opinion.
While not a major deviation from their previous certification, the stamp of approval from the American Institute of Certified Public Accountants is good business. As data continues to grow exponentially on the web and on the cloud, security will continue to be the top priority. Continuing to redefine themselves in a way that gives them freedom to rely less on their famous search model, Google now has the security authority to venture into new realms.
Google does not seem particularly quick off the security launch pad in our opinion.
Emily Rae Aldridge, August 16, 2011
Free Program Removes DRM Controls from PDFs
August 12, 2011
We’ve found a tool that is, perhaps, a bit concerning. Softpedia presents, for free, PDF Drm Removal 1.4.2.0. The developer of the software is listed as Removedrmfromepub.com. The product description reads,
PDF Drm Removal is a professional and reliable application designed to remove DRM protections from PDF files with no quality loss. Just removes the PDF files drm header, no change on the files. Read the PDF on any supported devices!
Interesting and somewhat concerning. We understand there’s controversy over Digital Rights Management controls; some say that they stifle innovation or violate private property rights. Others say the technology unnecessarily locks documents into a format that is bound to become obsolete someday.
However, we necessarily sympathize with publishers and writers, like Stephen E. Arnold, who rely on PDF security to safeguard documents. How else will they protect their work in the digital age?
Cynthia Murrell, August 11, 2011